class UsersController < ApplicationController
  before_action :set_user, only: [:show, :edit, :update, :destroy]
  # GET /users
  # GET /users.json
  def index
    @users = User.all
  end

  # GET /users/1
  # GET /users/1.json
  def show
  end

  # GET /users/new
  def new
    reset_session
    @user = User.new
  end

  def login
    reset_session
    @user = User.new
  end

  def auth
    if user_params[:email].empty? || user_params[:password].empty?
      redirect_to login_users_path , :flash => {:danger => t('notice.login_error')}
      return
    end

    @user = User.authentication(user_params)
    if @user
      reset_session
      session[:user_id] = @user.id
      redirect_to root_path, :flash => { :success => t('notice.login_success') }
    else
      redirect_to login_users_path, :flash => { :danger => t('notice.login_error') }
    end
  end

  # GET /users/1/edit
  def edit
  end

  # POST /users
  # POST /users.json
  def create
    @user = User.new(user_params)
    @current = [new_users_path]
    if @user.save && user_params[:captcha].upcase == session[:code].upcase
      reset_session
      session[:user_id] = @user.id
      redirect_to root_path, :flash => { :success => 'asdasdasad' }
    else
      unless user_params[:captcha].blank?
        if user_params[:captcha].upcase != session[:code].upcase
          @user.errors.add(:captcha, t('mongoid.errors.messages.invalid'))
        end
      end
      render action: :new
    end
  end

  # PATCH/PUT /users/1
  # PATCH/PUT /users/1.json
  def update
    respond_to do |format|
      if @user.update(user_params)
        format.html { redirect_to @user, notice: 'User was successfully updated.' }
        format.json { render :show, status: :ok, location: @user }
      else
        format.html { render :edit }
        format.json { render json: @user.errors, status: :unprocessable_entity }
      end
    end
  end

  # DELETE /users/1
  # DELETE /users/1.json
  def destroy
    @user.destroy
    respond_to do |format|
      format.html { redirect_to users_url, notice: 'User was successfully destroyed.' }
      format.json { head :no_content }
    end
  end

  private
  # Use callbacks to share common setup or constraints between actions.
  def set_user
    @user = User.find(params[:id])
  end

  # Never trust parameters from the scary internet, only allow the white list through.
  def user_params
    #params[:user]
    params.require(:user).permit(:name,:email,:password,:password_confirmation,:captcha)
  end
end
